A couple days ago I had a brief article on the vandals banging away at the door of my ssh server. Like I said, I’ve, at times, been fairly smug abou the futility of their actions, but…. the persistance concerns me. Let me be more specific, I keep a fairly tight ssh server setup (don’t allow version 1, only have specific users allowed, use privilige seperation, deny root login, and keep it updated whenever there is a problem with a running version.) But, when you see a single IP making THOUSANDS of attempts to log in, you start thinking…. what if they were to hit on the right username and try a thousand combinations of passwords with that username. Hmmmm… disturbing. So, I wound up setting up denyhosts and thought I’d share a bit more about it here.